U.S. companies should be prepared for retaliatory cyberattacks following Biden Administration sanctions against Russia for invading Ukraine.
U.S. Rep. Jim Langevin, a senior member of the House Armed Services Committee, said private companies should be conducting tests to back up and restore data, instituting multifactor authentication, and ensuring software is up to date, reported The Wall Street Journal (Feb. 22).
What does this mean for the food industry?
FOOD AND AGRICULTURE SECTORS ARE UNDERPREPARED
There were an unprecedented number of cyberattacks against food companies last year.
In one notable example, major meat producer JBS SA grappled with a cybersecurity attack which affected servers supporting the company’s IT systems in North America and Australia. The attack disrupted two shifts and halted processing at one of Canada’s largest meatpacking plants.
The attack, among others, signaled that most food companies are not as prepared as they should be. In a recent Food Institute webinar titled Cyber Risk Management – What the Food Industry Needs to Know (available for viewing to FI members), experts discussed how food businesses should protect themselves.
Seyed Hejazi, director of security and privacy risk consulting at RSM Canada, noted that the food and agriculture sector is considered critical U.S. infrastructure, yet, it doesn’t have sufficient cybersecurity protection.
Here are some notable food company cyber-attack statistics highlighted by Hejazi:
- 99% of claims ($537M in total) were from small to medium enterprises with less than $2 billion in annual revenue (RSM and NetDiligence).
- There was a 300% increase in the amount of ransom demanded by threat actors in the first half of 2021 compared to first half of 2020 (Cyber Insurance Claims Report).
There are several ways food businesses can mitigate cyber risks.
Where should they start? The basics. “Start from addressing the low hanging fruit,” said Hejazi. “The basic steps towards cybersecurity hygiene … start to minimize some of the risk.”
These steps include:
- Asset and third-party risk management
- Invest in cyber insurance
- Enable multi-factor authentication
- Make sure backups are properly separated from networks that can be compromised
- Have an endpoint detection mechanism in place
- Continuous monitoring
- Have incident response plans
- Access to skilled resources that can help by deploying people quickly
- Have disaster recovery plans and test them
For more information on what food companies can do to mitigate cyber risk, read this article published by The Food Institute in partnership with Hub International.